SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Research Skip Research Menus Research Menu Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: [LTP] Se-Linux Updates for LTP This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] From: Subrata Modak <subrata_at_linux.vnet.ibm.com> Date: Thu, 13 Dec 2007 15:14:00 +0530 On Wed, 2007-12-12 at 13:47 -0600, Joy Latten wrote: > My apologies for the delay in responding. > I would like to consult with a colleague > about status of the selinux testcases in LTP, > but he is out for rest of year. > > Is it ok if I get back to you with a conclusion at the > beginning of the new year? ThatÅ> OK. Now Stephen has already given the Patch. Now i know that i need to turn to you/Stephen for any updates on se-linux. Please do update us for anything and everything. --Subrata > > regards, > Joy > > > On Wed, 2007-12-12 at 16:47 +0530, Subrata Modak wrote: > > On Tue, 2007-12-11 at 09:52 -0600, Serge E. Hallyn wrote: > > > Quoting Subrata Modak (subrata@linux.vnet.ibm.com): > > > > On Mon, 2007-12-10 at 11:15 -0600, Serge E. Hallyn wrote: > > > > > Quoting Stephen Smalley (sds@tycho.nsa.gov): > > > > > > On Mon, 2007-12-10 at 11:31 +0530, Subrata Modak wrote: > > > > > > > On Fri, 2007-12-07 at 21:55 +0530, Subrata Modak wrote: > > > > > > > > Hi All, > > > > > > > > > > > > > > > > Today i had the opportunity to meet James Morris from Red Hat at FOSS.in > > > > > > > > held at Bangalore, India. After his talks on Se-Linux, we were > > > > > > > > discussing about the Policy Reference support for Se-linux available in > > > > > > > > LTP under the directory: > > > > > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > > > > > > > > > > > > Though i have released RHEL5 EAL4+ Certification Testsuites from IBM, i > > > > > > > > have not seen the testcases under: > > > > > > > > ltp/testcases/kernel/security/selinux-testsuite/ > > > > > > > > updated for more than an year. I am not aware exactly about the reason > > > > > > > > for the same. I would like to request you send me any updates that you > > > > > > > > may want to give to LTP for your selinux-testsuite. > > > > > > > > > > > > > > Can somebody give me some direction on this ?? > > > > > > > > > > > > What kind of direction are you seeking? > > > > > > > > > > > > We gave the selinux testsuite to IBM at their request, and they ported > > > > > > it over to the LTP and submitted it there. Joy Latten was involved in > > > > > > the porting; I've cc'd her above. > > > > > > > > Well i have not received any selinux testcases updates for reference > > > > policy for the last 3 quarters. What i have received and released is > > > > EAL4+ Certification Test Suite, which includes > > > > rhel5_ibm_eal4_cert_suite2.tgz. I drilled down in to this and tried to > > > > find whether there are any se-linux testcases included here, which are > > > > apparently present in ltp/testcases/kernel/security/selinux-testsuite/ > > > > directory of ltp-full-20073011.tgz (can be downloaded from > > > > http://prdownloads.sourceforge.net/ltp/ltp-full-20071130.tgz?download). > > > > I did not find either of them. They seemed different to me. > > > > > > > > > > > > > > So the question is who should update the testsuite. This is not just an > > > > > issue for selinux, but for all the ltp tests. > > > > > > > > > > One could say it's Joy because she submitted the testcases. But let me > > > > > warn you that that attitude will definitely decrease the likelyhood of > > > > > testcases being submitted to LTP. (It'll certainly deter me) > > > > > > > > > > One could say it should be the selinux community in general, but that > > > > > community is too large for such an answer to be helpful, and it may not > > > > > be fair since they can say "we didn't submit that." > > > > > > > > > > One could say it should be the reference policy maintainer, because I > > > > > suspect refpolicy updates will be the biggest cause of breakage - but > > > > > that isn't fair to him since again he didn't submit it. > > > > > > > > > > One might say it should be the ltp community - after the biggest > > > > > advantage of submitting to LTP should be some free maintenance. However > > > > > it likely doesn't have the needed expertise. > > > > > > > > Ok. This is i would say as a collective responsibility rather than > > > > somebody?? alone. It is the responsibility of the maintainer (here LTP > > > > and hence myself) to find out the validity of test cases in his/her > > > > project he/she is maintaining, and, then try to contact the author(s) of > > > > that particular test case component to provide updates if even he/she > > > > (Author(s)) has the updates themselves. Now it is upto their (Author(s)) > > > > interest to write back if they are interested. Else the Maintainer is > > > > helpless. > > > > I initiated this mail as i found it my responsibility to find out > > > > authors who actually wrote these reference policy test cases for > > > > se-linux, and which are part of LTP in > > > > ltp/testcases/kernel/security/selinux-testsuite/ directory. Now if the > > > > author(s) respond, then i would work hard to integrate the same. > > > > After interaction with James Morris at FOSS.in, Bangalore, India, i came > > > > to know that he is also working on se-linux and he mentioned about the > > > > presence of reference policy support in LTP. I pointed him the release > > > > that i made this year (EAL4+ Certification Test Suite) and also > > > > requested him whether he can update me on the se-linux reference policy > > > > test cases of se-linux available inside Main LTP, he pointed me to write > > > > to se-linux test suite mailing list. Hence this mail. > > > > > > Reasonable. And it looks like the prod was needed. > > > > So, can somebody now give me some updates for testcases in this > > Directory:: > > http://ltp.cvs.sourceforge.net/ltp/ltp/testcases/kernel/security/selinux-testsuite/, > > > > Regards-- > > Subrata > > > > > > > > > Now i myself has never executed these test case, so not aware of them > > > > much. But that should not prevent me from requesting updates of the > > > > same. I would be extremely happy even if we can reach the final updates > > > > through some pointer-to-pointer and that will serve my purpose of having > > > > all updates in LTP. > > > > > > > > Just to cite an example, i recently found out that there are updates > > > > being made to pounder21 test suite(present inside LTP), by somebody for > > > > his/her internal project use. Now, the same has never been updated in > > > > LTP for quite long time. I immediately mailed to him requesting him for > > > > updates. Now my purpose will be served if i get updates from him, let > > > > alone it comes to me after long time is not the question. > > > > > > > > > > > > > > Anyway I think there is value to having the selinux testsuite. Though > > > > > one problem with having it in LTP is that most LTP runs are done on > > > > > machines which are not set up right for selinux. I personally haven't > > > > > had enough potential target machines to be able to run the tests > > > > > regularly. So I don't even know whether anyone has run > > > > > ltp/testcases/kernel/security/selinux-testsuite/ in the last year. Joy > > > > > might know though. > > > > > > > > > > So given that I personally don't know who to pin down, and given that I > > > > > don't have time to maintain the testsuite by myself, if I could get two > > > > > or three other people to volunteer to help out, I wouldn't mind being > > > > > part of a group responsible for the maintenance. > > > > > > > > > > For starters, I finally have a fedora 8 vm set up which once I'm done > > > > > with another test i can use to try out the existing testsuite. > > > > > Hopefully that'll be later this week (no guarantees). I'll report on > > > > > the results. > > > > > > > > > > -serge > > > > > > > > Thanks Serge. Will wait for your results. > > > > > > thanks, > > > -serge > > > > > > -- > > > This message was distributed to subscribers of the selinux mailing list. > > > If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with > > > the words "unsubscribe selinux" without quotes as the message. > > > > > > -- > > This message was distributed to subscribers of the selinux mailing list. > > If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with > > the words "unsubscribe selinux" without quotes as the message. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. Received on Thu 13 Dec 2007 - 04:44:18 EST This message: [ Message body ] Next message: Subrata Modak: "Re: [LTP] Se-Linux Updates for LTP" Previous message: David Howells: "Re: [PATCH 08/28] SECURITY: Allow kernel services to override LSM settings for task actions [try #2]" In reply to: Joy Latten: "Re: [LTP] Se-Linux Updates for LTP" Next in thread: Stephen Smalley: "Re: [LTP] Se-Linux Updates for LTP" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom